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REMARKS/ARGUMENTS 

These remarks are made in response to the Final Office Action of December 22, 
2004 (Office Action), As this response is timely filed within the three-month statutory 
. period, no fee is believed due. 

Additionally, as Applicants have included amendments which will likely require a 
new search, Applicants have filed this response in the form of a Request for Continued 
Examination (RCE) so as to avoid late fees and to expedite the prosecution of the instant 
Application. The Examiner is authorized to charge the requisite fee for filing such a 
Request for Continued Examination to Deposit Account No. 50-0951, 

In paragraph 3 of the Office Action, the Examiner has objected to claim 40 for 
minor informalities. Applicants have corrected these informalities and respectfully 
request that ths objection be withdrawn. 

In paragraph 4, the Examiner has rejected claims 1-41 under 35 U.S.C. § 112 as 
failing to comply with the written description requirement. In particular the Examiner 
took exception with the term "obscuring data", the term "repudiating", and the term 
"authorizing engine." In response, Applicants have amended the claims to remove the 
objected to terms. Amendments to the independent claims 1 and 19 resulted in 
corresponding amendments to claims 2-5, 20-23, and claim 41 to maintain consistent 
terminology within the claims. Accordingly, the 35 U.S.C. § 1 12 rejections to claims 1- 
41 should be withdrawn, which action is respectfully requested. 

In parajjraph 5, claims 1-3, 5, 16-21, 23, 37-40 and 41 were rejected under 35 
U.S.C. § 102(lr) as being anticipated by U.S. Patent No. 5,548,647 to Naik, et al. (Naik). 
In paragraph 5, claims 4 and 22 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Naik in view of U.S. Patent No. 5,719,560 to Watkins (Watkins). In 
paragraph 7, claims 6-15 and 24-36 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Naik in view of Watkins, in further view of Coteus. 
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Applicjints have amended independent claims 1, 19, and 40 to clarify that the 
claimed invention can establish a private communications link between a user and the 
publicly positioned device. The publicly positioned device can present device generated 
data over the private communications link. The invention can prompt the user for a 
combination cf the device generated data and authorizing data, can receive a user input 
through a pubiic input means of the publicly positioned device, can extract user-provided 
authorizing data from the user input (where the user input also contains the device 
generated data), and can authorize the user to utilize the publicly positioned device based 
upon the extracted authorizing data. Support for these amendments in accordance with 
MPEP 2163 (requirement of having express, implicit, or inherent support in the 
specification) can be found at page 20, lines 5-16, page 7, lines 2-13, by FIGS. 1-7B, and 
throughout the specification. 

Additionally, Applicants have included more detailed excerpts from the disclosure 
below to aid the Examiner in matching particular claim limitations and phrases contained 
within these limitations with the disclosure. 

Accordingly, the device generated data of the amended claims is supported by 
page 15, line 27-28 detailing that an ATM (publicly positioned device as per page 7, lines 
22-23) can compute a random number (device generated data) using random number 
generation tecljniques well known in the art. Additional support can be found at page 
18. lines 18-2.., in context of an example involving a telephone kiosk and a telephone 
link. 

The private communication link of the claims can include the privately viewable 
display that requires active glasses as well as a telephone interface, as noted in the 
specification. Hie first being supported at page 8, lines 16-25, where the claimed private 
communication channel is the video display I OK that utilizes the video circuitry IOC to 
contain private data so that unauthorized viewers who plainly view the video display 10K 
without the benefit of the active glasses 20 cannot observe the private data. The second 
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being supported by page 18, lines 12-14, where the publicly positioned device is the 
telephone kiosk as per page 17, lines 12-13. 

The ptompting for the combination of the device generated data and authorizing 
data is suppo rted by page 16, lines 1-8 detailing that a user can be prompted to key the 
random number (device generated data) and the user's PIN (authorizing data). Additional 
support can be found at page 18, lines 15-16, page 18, lines 22-28, and page 20, lines 5-7. 

The interspersing of authorizing data with device generated data is supported 
between page 15, line 22 and page 16, line 8, 

A user input that can be received through a public input means of the publicly 
positioned device is supported by page 7, lines 23-24, by page 18, lines 3-4, by page 18, 
lines 15-16. 

The extracting of user-provided authorizing data is supported by page 16, lines 9- 
10 and by paj;e 19, lines 2-3* The authorizing is supported by page 16, lines 11-14 and 
by page 19, lines 4-7. 

Claim ;J7 has been amended, as supported by originally filed claim L Claim 38 
has been amended to clarify that the device generated data consists of randomly 
generated digits, as supported by page 15, lines 27 to page 16, lines 8 and by page 16, 
lines 15-25. Mo new matter has been added as a result of these claim amendments. 

Prior to addressing the rejections on the art, a brief review of the Applicants' 
invention and the cited references is appropriate. The Applicants have invented a 
method, apparatus, and system for a user to provide authorizing data using a public input 
means of a p jblicly positioned device without fear of onlookers observing and later 
utilizing the authorizing data. The publicly positioned device can generate data and 
provide this dfita to the user over a private communications link to which the onlooker is 
not privy. Th? user can be prompted to enter a combination of authorizing data and the 
device generated data (for example - enter the first two digits of a calling card number 
followed by the device generated data such as a randomly selected three digit number 
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followed by ihe last twelve digits of the calling card number). The user can input this 
combination of authorizing data and device generated data through a public input means 
(such as keypad or a microphone) of the publicly positioned device. The user-provided 
authorizing dita can be extracted from the user input (since the positions in which the 
device generated data have been placed are known to a device that authorizes access) and 
used to authorize the user. Accordingly, even though an input was entered through a 
public input rieans, an observer cannot easily acquire the user's authorizing data, as the 
observer is unable to distinguish the device generated data from the authorizing data. 

Naik discloses a method for ascertaining the identity of a user based upon vocal 
characteristics of the user, Naik teaches that an arbitrary phrase should be emitted that 
the speaker desiring access to the secured device must repeat. The speaker's vocal 
characteristics for the repeated phrase are used during the authorization process. The 
purpose of Naik is to provide a security measure based upon vocal characteristics that 
cannot be circumvented by an intruder pre-recording an utterance upon a recorder. 

Watkins discloses a method for verifying a user's identity using a cue-response 
pair instead of a traditional password, Watkins teaches that the cue can be a word such as 
"wolf and the response can be a word such as "crown" that a user associates with "wolf \ 
The purpose of Watkins is to overcome the problems associated with users forgetting 
passwords, since according to Watkins, users have an easier time recalling a cue-response 
pair than recal .ing a password. 

Coteus discloses an apparatus for masking displayed data by merging a primary 
image with a secondary image, thereby creating an "optical mask" that obscures the 
primary image from observers. In order to see the primary image, the viewer must have a 
means for removing the secondary image. One such means is an electronic shutter and a 
transparent sh*«t of material, where the secondary image is displayed on the transparent 
sheet of material- The pulses used to display the image on the transparent sheet can be 
timed with the electronic shutter, so that the image formed from the pulses (the secondary 
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image) is not seen by a user viewing the display through the shutter. The purpose of 
Coteus is to permit a laptop computer user to confidentially view a display screen* 

Claims 1-3, 5, 16-21, 23, 37-41 have been rejected under 35 U.S.C. §102(b) as 
being anticipated by Naik. For a rejection to be proper under 35 LLS.C. § 102(b), each 
and every claimed limitation must be explicitly or inherently taught by the referenced ait 
Referring to claims 1, and 19, Applicants claim the steps of: 

establishing a private communications link between a user and the publicly 
positioned device; 

the publicly positioned device presenting device generated data over the private 
communications link; 

prompting said user for a combination of the device generated data and the 
authorizing data, where the prompted combination intersperses the device generated 
data and the authorizing data in a manner determined by the publicly positioned device; 

receiving a user input through a public input means of the publicly positioned 
device; 

extracting user-provided authorizing data from the user input, wherein the user 
input also con tains the device generated data; and 

authorizing the user to utilize the publicly positioned device based upon whether 
the extracted authorizing data is equivalent to the authorizing data. 

Applicants do not agree that Naik teaches a publicly positioned device (Fig. 1 and 
column 4, lines 27-50 are cited for these teachings). Instead, Naik teaches a means for 
entering a secure room using a telephone outside the secure room. The hallway of the 
secure area, however, is never described by Naik as being "public", which is defined in 
terms of the claimed invention as being located in a position that the public can easily 
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observe a user's input. For example, an ATM machine is a publicly positioned device. 
Consequently, the telephone set is not expressly a publicly positioned device. 

Moreover, the telephone set 20 of Naik is not inherently a publicly positioned 
device as described in Naik. Recall that the purpose behind Naik is to prevent an intruder 
from gaining access to the secure room by using a pre-recorded utterance. If the 
telephone set 20 were publicly positioned, however, the teachings of Naik would be 
unnecessary, is an observer would notice the intruder's use of a handheld recorded 
having the prerecorded utterance and would thereafter alert security of an intrusion. 
Naik, taken as a whole, assumes that the telephone set 20 is privately positioned. 

Additionally, Naik fails to teach the step of prompting for authorizing data. The 
Examiner citeii column 5, lines 7-28 for this teachings. Naik fails to teach authorizing 
data as clained by the Applicants and instead teaches a "personal non-secret 
identification code." This non-secret code is not the same as authorizing data, which is 
secret, otherwise it would not be valuable as a security measure for purposes of the 
claimed invention (i.e., a non-secret PIN would not provide any significant security for 
accessing an ATM). 

Also, Naik fails to explicitly or inherently teach (or suggest) prompting for a 
combination o:f interspersed device generated data and authorizing data. 

Naik fails to explicitly or inherently teach the step of authorizing the user to utilize 
the publicly positioned device based upon whether the extracted authorizing data is 
equivalent to the authorizing data. The Examiner cites column 8, line 39 - column 9, line 
6 for this teaching. The cited portion details a method for verifying a person's identity 
based upon speech characteristics, which is not the same as the Applicants claimed step. 

The limitations discussed for claims 1 and 19 that are not expressly or inherently 
present in Naik are also contained within claim 40. Because Naik fails to expressly or 
inherently teach each of the Applicants' claimed limitations, the 35 U.S.C. §l02(b) 
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rejections to claims 1-3, 5, 16-21, 23, 37-41 should be withdrawn, which action is 
respectfully requested. 

Although these claims should be in a condition for allowance, Applicants point out 
a few additional distinctions for completeness. 

Regarding claims 2 and 20, the Applicants claim separately prompting said user 
for a subset of the digits of the authorizing data followed by at least some of the digits of 
the device generated data, followed by additional digits of the authorizing data, Naik 
contains no such teachings. 

Regarding claims 3 and 21, the Applicants claim that authorizing data is 
segmented into at least two portions and that the user is prompted for device generated 
data between the separate portions. Column 6, lines 10-29 is cited for this teaching. The 
cited reference states only that multiple prompts can be presented to the user (the first to 
keypad enter the non-secret identifier, the second to speak the non-secret identifier and 
phase). This is not the same as the limitation of claim 3, 

Regarding claim 16, the Examiner cites column 4, lines 40-62, for teachings that 
the security method utilizes a human operator to prompt the user. The cited passage, 
however, provides no teachings and instead provides structural components of the 
speaker verification system, which does include some telephony equipment. No mention 
explicitly or inherently of a human operator is contained in the cited passage. Further, a 
publicly positioned device, such as an ATM machine, does not typically have an option 
for establishing a communication link with a human operator, hence the limitation is not 
inherent from the cited reference. 

Regarding claim 17, the Examiner cites columns 4, lines 40-62 for the limitation 
that the telephone operator system that prompts a user is an interactive voice response 
system. The cited passage makes no explicit or inherent mention of an IVR system. 
Further, a publicly positioned device, such as an ATM machine, does not typically have 
an option for ostablishing a communication link with an IVR system. 
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Regard ing claim 37, Applicants claim that before the authorizing step, the publicly 
positioned device discards the device generated data from the user input. The Examiner 
cites column 5, lines 15-21 for this teaching. The cited reference does not disclose 
discarding the; device generated data from the user input as claimed and instead teaches 
the acts of prompting a user for verbal input. This verbal input is not discarded by the 
teachings of Maik. Naik relies upon the device generated data (speech characteristics 
extracted from it) within the input to perform the authorization. 

Claims 4, 6-15, 22, and 24-36 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Naik in view Watkins and/or in view of Watkins and Coteus. For a 
103(a) rejection to be validly asserted, each claimed limitation must be explicitly or 
implicitly taught by the cited references. 

Naik fa ils to explicitly or implicitly teach all of the limitation of claims 1, 19, and 
40. Specifically, Naik fails to explicitly or implicitly teach: a publicly positioned device, 
prompting for authorizing data, the interspersing of device generated data and authorizing 
data, and/or authorizing the user to utilize the publicly positioned device based upon 
whether the extracted authorizing data is equivalent to the authorizing data. 

Watkins and Coteus fail to overcome these deficiencies as neither explicitly nor 
implicitly provides these teaching. Accordingly the 35 U.S.C. § 103(a) rejections to 
claims 4, 6-15, 22, and 24-36 should be withdrawn, which action is respectfully 
requested 

Additionally, referring specifically to claims 4 and 22, the Applicants claim a 
visual interface though which a user can be visually prompted for the device generated 
data and the authorizing data. The Examiner states that column 11, lines 60-65 and 
column 12, lines 44-60 of Watkins discloses prompting a user for device generated data 
and authorizing data via a visual interface. Watkins, however, fails to disclose that users 
are to be prompted for device generated data in any fashion. Watkins also fails to teach 
the prompting for a combination of interspersed data (from claim 1). Instead Watkins 
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describes th it a computer with a keyboard and screen can be used to authorize a user 
based on ct e-response pairs. A user is never prompted for a COMBINATION that 
includes the CUE and response. Instead, Watkins teaches that the only input needed is 
the response:, which is used like a password. That is, the user of Watkins is never 
prompted to rater the cue as well as the response. 

The Applicants believe that this application is now in full condition for allowance, 
which action is respectfully requested The Applicants request that the Examiner call the 
undersigned if clarification is needed on any matter within this Amendment, or if the 
Examiner believes a telephone interview would expedite the prosecution of the subject 
application to completion. 



Respectfully submitted, 



Pate: <=^ 



JsCos — 




Gregory A, Nelson, Registration No. 30,577 
Richard A. Hinson. Registration No. 47,652 
Brian K. Buchheit, Registration No. 52,667 
AKERMAN SENTERFITT 
Customer No, 40987 
Post Office Box 3188 
West Palm Beach, FL 33402-3188 
Telephone: (561) 6.53-5000 
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